Question

我正在使用-oBatchMode = yes来禁止交互密码，以防密钥配置错误。

我使用'diff'来比较调试输出，直到'Server accepted key：pkalg ssh-rsa blen 279'才会有变化，其中下一行是'Authentication succeeded'或尝试更多私钥。

从脚本和命令行，无批处理模式运行会导致成功登录：

$ ssh -v  qa@192.168.19.81  uptime
.
.
Warning: Permanently added '192.168.19.81' (ECDSA) to the list of known hosts.
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/tim/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
--- things change from here
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.19.81 ([192.168.19.81]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Requesting authentication agent forwarding.
debug1: Sending command: uptime
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
13:24  up 3 days,  3:04, 2 users, load averages: 1.76 1.62 1.61
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2768, received 3080 bytes, in 0.0 seconds
Bytes per second: sent 129171.8, received 143731.6
debug1: Exit status 0

但是-oBatchMode = yes：

也是如此

$ ssh -v -oBatchMode=yes  qa@192.168.19.81  uptime
OpenSSH_7.4p1, LibreSSL 2.5.0
.
.
debug1: Offering RSA public key: /Users/tim/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
--- things change from here
debug1: Trying private key: /Users/tim/.ssh/id_dsa
debug1: Trying private key: /Users/tim/.ssh/id_ecdsa
debug1: Trying private key: /Users/tim/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
$

远程机器： Darwin qa-ffc-mbp-2.lnd 16.7.0 Darwin Kernel Version 16.7.0：Thu Jun 15 17:36:27 PDT 2017; root：xnu-3789.70.16~2 / RELEASE_X86_64 x86_64

我的机器： Darwin TimBs-MacBook-Pro-3483.local 16.6.0 Darwin Kernel Version 16.6.0：Fri Apr 14 16:21:16 PDT 2017; root：xnu-3789.60.24~6 / RELEASE_X86_64 x86_64

更新：我从没有此问题的帐户复制了id_rsa和id_rsa.pub，它开始工作了。但我的id_rsa.pub正确列在目标机器的authorized_keys中。我甚至从私有公钥中重新生成我的公钥，以防它被破坏。没有骰子。由于显而易见的原因，我不愿意改变我的密钥。

Answer 1

似乎Apple BatchMode=yes

禁用了Apple对钥匙串的整合

如果我eval $(ssh-agent)和ssh-add我的身份，一切正常。

其他帐户密钥的工作原因是因为它有一个空密码短语。

Answer 2

您可以尝试将这些行添加到〜/ .ssh / config文件中：

Host *
UseKeychain yes
AddKeysToAgent yes

ssh与-oBatchMode = yes失败;没有成功 - 没有要求密码

2 个答案: